Network News

X My Profile
View More Activity

Adobe Issues Security Update

Adobe on Monday issued a new version of Acrobat to fix what it called a "critical" security vulnerability in the program that hackers could use to hijack machines running the software just by convincing people to open a specially crafted PDF document.

Nearly everyone has the free Adobe Reader installed on their computers, as it is necessary to view PDF files. Adobe Acrobat, the paid version of the product, allows users to not only view Adobe documents but create and modify them as well. This flaw is present in Acrobat versions 6.0.4 and earlier, for both Windows and Mac. Adobe recommends that customers either use the product's automatic update feature to install version 6.0.5 or manually download and install the update.

By Brian Krebs  |  July 12, 2006; 10:45 AM ET
Categories:  New Patches  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   Del.icio.us   StumbleUpon   Technorati   Google Buzz   Previous: Microsoft Patches 18 Security Flaws in Windows, Office
Next: Microsoft Stabs at Blogspam, Pokes Google

Comments

I updated my Adobe Reader to version 7.0. Why don't you recommend installing the most current version which I have labled as 7.0?

Posted by: Glenn | July 12, 2006 11:57 AM | Report abuse

Maybe it's nitpicking, but Adobe Reader is NOT required to view PDF files. I'm using Foxit Reader (free) and don't have Adobe's reader installed anywhere on my machine because I couldn't take the slowness, lack of reliability, and insecurity. Not to mention the obnoxious self-updating and desire to install unrelated software.

Posted by: Not a fan of 'Reader' | July 12, 2006 12:00 PM | Report abuse

According to adobes security advisory, this vulnerability only affects users with Acrobat Standard and Professional. Not Acrobat Reader. Thats probably why they advised the free upgrade to 6.05, because to go to version 7 users would have to pay for an upgrade license.

Posted by: Anonymous | July 12, 2006 12:45 PM | Report abuse

If I read Brian's post correctly the fix is only for the paid version (Acrobat)which is at 6.05. The free version (Reader) is at 7.08. Most people will not have the Acrobat version.

Posted by: Mark | July 12, 2006 12:53 PM | Report abuse

Mark, you are spot on there, chief. This was not a Reader update (although they recently updated that too). Also, the link to the downloads in this post was messed up, and that's been fixed now.

Posted by: Bk | July 12, 2006 1:36 PM | Report abuse

Thanks, Brian, for the information.

Unfortunately, I have the "ancient" Adobe Acrobat 4.0. When I tried to upgrade to 6.0.5, it told me I had to have 6.0.4 installed first. Then when I tried to install 6.0.4, it told me I had to have 6.0.3 installed first.

That's as far as I went -- it looked like I would have to install everything from 4.0 forward before I could install 6.0.5.

It seems to me the easier (but more expensive) way to do this would be to simply buy an upgrade to 7.0 -- at $99 US dollars.

So I may just do that.

Thanks for your great columns!

Posted by: John Cali | July 12, 2006 3:03 PM | Report abuse

The last link in your post about Adobe is broken -- http://blog.washingtonpost.com/securityfix/www.adobe.com/support/downloads

But, really just wanted to tell you that you've been doing really fantastic stuff, especially over the last year -- both with the blog and with botnet/hacker reporting.


Posted by: Ryan Singel | July 12, 2006 3:11 PM | Report abuse

Yes, as "Not a fan of 'Reader'" says, Acrobat Reader is not required to read PDF files. On the Mac, Apple's built-in Preview app displays them. And much more quickly than Reader, I might add.

(Mac users also can create PDFs without Acrobat, as the ability to create PDFs is built into the Print dialog.)

Posted by: D T Nelson | July 12, 2006 3:35 PM | Report abuse

Adobe has become one of the most annoying programs, with constant updates. They even had one that required a restart. I can't believe they have made this program to view documents so complicated now

Posted by: Steve B | July 12, 2006 5:51 PM | Report abuse

Love your blog - Link to Adobe still not working. Adobe is and has been an insidious program that cannot be completely removed once installed. Unfortunately, programs using it will force an install of Adobe reader without making sure it is not already installed (happened twice with me and I have the professional). At one point I had 6 Adobe versions! What is up with That?

Posted by: C. Engle | July 13, 2006 11:53 AM | Report abuse

C. Engle -- Which link isn't working for you? I just checked all of them and they appear to be working fine on my end.

Posted by: Bk | July 13, 2006 12:17 PM | Report abuse

I also have Foxit. But still (have to?) use Adobe for fillable PDF's. Hopefully Foxit Software will add that feature in the future.
Note: filling in a form, is not to be confused/is not the same as Foxit's typewriter mode.

Posted by: Miron G | July 13, 2006 12:59 PM | Report abuse

I sent an email to save time....

Posted by: C. Engle | July 13, 2006 1:10 PM | Report abuse

I havedownloaded Adobe's 7.0.8 version...but there is no "Print" button showing anywhere to print out things like bills. On the previous version, I had to push the whole window up to the top as far as it would go just to see the top of their "Print" button...but there is none on this latest version. Am I doing something wrong? Adobe wants $39 to answer my complaint.

Posted by: Don Geary | July 13, 2006 1:33 PM | Report abuse

Thanks for the 6.0.5 update notice. 7.0.8 produced garbage printouts on our Minolta QMS PagePro 1250e; OK display but garbage text (images OK). No effective help from either Adobe or Minolta. Uninstalled 7.0.8.
Found AR 6.0.1 on the Maxtor install CD (in six languages; 5.x is on the Minolta install CD). Downloaded and installed each 6.x update, to get to 6.0.5; it took about 5 minutes. All .pdf docs render fine on the Minolta printer now; the culprit was compatibility with AR 7.0.8.
Thanks to other readers/commentors for mentioning Foxit; we'll look for it.

Posted by: Jay | July 14, 2006 4:04 PM | Report abuse

Today, I was serfing the web looking for some perticular info. I found a PDF with some of the info I was looking for. I got a warning about my perticular version of Adobe (6.0.1) not fully supporting the document. So, I promptly went to Adobe's website and downloaded the current version (7.0.8). The installer tells me that it requires Adobe Reader 6.0.1 to be installed in order for it to run. Being that I already have 6.0.1, I tried to uninstall and reinstall it to correct the problem.

I wasted half a day playing with this issue and have resigned myself to stick with 6.0.1 until I get around to finding the free viewer listed above here. I have been annoyed for years with Adobe's willingness to try and force feed extra plugins and unrelated software. I'd be willing to pay for a competing product that met my needs. I sure will not be giving this organization any of my money.

Adobe should rethink their approach. In reading this blog and other places on the web, I am obviously not the only person annoyed with them.

Posted by: Jade | August 26, 2006 2:30 PM | Report abuse

The comments to this entry are closed.

 
 
RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company